When you set up the snmp user command does that user have to match a local user account on the router/swtich? (Or a radius/tacacs+ account). If so does that mean the auth password has to match the user account? I am having trouble connecting to our NMS when I start using the authnoPriv or authPriv contexts. I know I have the crypto IOS so that is not the issue. I can make connection to our NMS using noAuthnoPriv, but I would like more security. We do use tacacs+ for our user account login and the it goes back to local login if the ACS Server is down. Does this mean I have to use tacacs+ for my SNMPv3 authentication? Are there any good docs on that out there? Any help on this would be great! Thank you!
Currently, there is no support for getting SNMPv3 users from AAA. So the quick answer is, no, the SNMPv3 user and password do NOT have to match what you have in Radius or TACACS+. All SNMPv3 users must be locally configured on your device.
This document should get you started securing your SNMP traffic, and help you with configuring SNMPv3:
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...